
Monday, November 28, 2016

Have a jolly and cyber safe time...

The time of the year where we use the word 'jolly' more than any other time of the year is upon us. It is a most wonderful time of the year for sure.

It is also the time when we are shopping! And increasingly we are shopping online. We all like to get the boxes at the front door!

I don't like sending messages like this one. They make me feel a lot less jolly and more like a grinch.

When we are shopping online, we are giving different organizations a fair amount of our personal information. Therefore we should all take steps to keep our usernames and strong passwords secure. Here are some tips on how to do that: Tips for Secure Online Shopping.

In summary this article tells us:

  1. Don't shop at a site if you're not comfortable
  2. Never click on links from spam emails to make purchases
  3. Check the web address to make sure you are on the correct site
  4. Check that the site is secure
  5. Use a credit card or an online payment service
  6. Do not use a public computer to shop online
  7. Only use a secure connection when you place your order
  8. Use strong passwords

You may also see more email activity afterwards from various companies. Be on the lookout for phishing schemes. Here is some good advice on how to avoid being phish fried: Avoid Phishing Fraud.

Maybe to help us sort through this a bit further, John Nunnally provided an analysis of how to deal with a real example that was recently received by people at Harding.

Please take some time to take a look at this example.

_____________________________________________________________

No links! It Must Be Safe…. Wrong.

Phishing Scheme – Analysis, Case 1: Remittance Advice

Here is a message recently received by a person at Harding:



At first glance this looks legitimate. But looking closer:
  • Do we know anyone named Charlotte Allison?  That would be the first question.  If not, we should go no further until we check.
  • Look at the from address:  charlotteanderson@wellsfargo.com.  Have you been doing any business with Wells Fargo?  Instead of that stopping us, we have a tendency to open the attachment to see why in the world Wells Fargo would be sending us something.  BAD IDEA!  That is exactly the reaction the scammers want you to have.
  • If you simply hover your mouse pointer over the attachment without clicking, you can see that it is named “Secure Remittance.htm”.  HTM files are executable web programs.  So if you click on this attachment you would most likely be connected to some bogus web site to do you harm.  Another red flag.

And then we should think about this email from the opposite point of view:
  • This email is so very generic.  It could be sent to anyone.  There is nothing that specifically references you as the recipient.  It doesn’t even identify the “Intermediary Bank” supposedly involved in this transaction. (It would be most unusual that people at Harding would send an email that said something generic such as ‘Dear User’.)
  • Surely a message like this would at least provide a phone number to call in case you have questions.  In fact, it encourages you to contact Charlotte Anderson and then provides you with no contact information except replying to the email.
  • This scam even warns you in advance that by clicking on the attachment “You will be required to download and authenticate your email client” – So you are warned that you will be installing software on your computer and probably be expected to give away your username and password!  All scams should be so forthright!

So the only safe thing to do with this email -- delete it.
___________________________________________________________________
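
The checks in the analysis above can be turned into a small triage script. This is an added example, not part of the original post or of John Nunnally's analysis; the sample message is constructed from the traits the analysis describes, and `red_flags` and `known_senders` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the traits the analysis lists (not the real message).
SAMPLE = """\
From: Charlotte Anderson <charlotteanderson@wellsfargo.com>
Subject: Remittance Advice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear User,
Your remittance advice is attached. You will be required to download and
authenticate your email client. Contact Charlotte Anderson with questions.

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Secure Remittance.htm"

<html><body>placeholder</body></html>
--b1--
"""

def red_flags(raw, known_senders=()):
    """Return the warning signs from the analysis that apply to one raw message."""
    msg = message_from_string(raw)
    flags, body = [], ""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr not in {s.lower() for s in known_senders}:
        flags.append("unknown sender")          # "Do we know anyone named ...?"
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith((".htm", ".html")):
            flags.append("html attachment: " + name)
        elif part.get_content_type() == "text/plain" and not name:
            body += part.get_payload()
    if re.search(r"^dear (user|customer|client)\b", body, re.I | re.M):
        flags.append("generic greeting")
    if not re.search(r"\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}", body):
        flags.append("no phone number")         # no way to call and verify
    if re.search(r"authenticate|password", body, re.I):
        flags.append("asks to authenticate")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that raises several of these flags at once is one to delete or report rather than open.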

Even with all this seemingly dire information, all of us in IS&T want to wish you a jolly Christmas and holiday.





Thursday, October 15, 2015

Be Cyber Savvy



“My account has been hacked!”  


We hear this regularly, but in almost every case that is not an entirely true statement. 

Hacking involves a person using technical methods to find a way around the security of systems and expose data that was supposedly secure.  Yes, such security breaches happen and when they do they make headline news.  But when a single personal account is compromised, “hacking” is usually not the reason.  In almost all cases of individual account compromises, we are simply fooled into giving away our private data or account credentials to a scammer.  It isn’t very high tech.

Protect yourself.  

  • Take the time to learn about “Phishing” and “Spear Phishing”.  This is something that anyone using technology should be doing. It is like being a pedestrian and learning how to safely cross the street; we just have to do it. Check out the “Valparaiso University Phishing Awareness” video at YouTube.  It is a VERY good video done by a Google Apps school.
  • Avoid randomly clicking on unfamiliar web links that pop up in a search result or in an advertisement. 
  • Don’t use a single password for all of your accounts. When you do, one mistake compromises ALL of your accounts!  


New security threats.

  • Nearly all of us are carrying a smart phone now which is, in essence, a small computer.  And like all computers these phones can be infected with malware.  We need to be using the same security techniques with our phones as we do with our computers:  
    • keep the software on your phone updated 
    • install software to help protect from malware.  There are some decent options out there for free.  One unfortunate employee recently had spam spewing from their e-mail account and it appears the source of the problem was malware on their Apple iPhone.
  • As we all become more inclined to use the internet for shopping we have to remember to never use our Harding passwords for our other online accounts (Amazon, WalMart, etc.)  We know it's a bother to keep up with more than one password but please reserve your Harding password strictly for Harding use. Consider using tools like LastPass to manage your passwords.

Please ensure that your Harding password is different from other passwords you may use for your personal accounts.

What's new in office computing?

New update service

We are slowly implementing a new service that installs updates to a wide array of software on Windows computers.  Languard is scheduled to work overnight, as are most anti-virus scans, so you will want to leave your computer on overnight to avoid having these things run during the day while you are trying to work.  We plan to evaluate the Apple version of the same product soon.


Secure Off Campus Connections

Harding now has a solution which will help protect your data when you must use your Harding laptop from an off-campus network.  Fortinet creates a secure connection to the campus network which not only protects any sensitive data you might need to access, but also gives you access to your M: drive and other departmental storage. Over the next few months we plan to install it on all Harding laptops.


New software

New software from Microsoft and Apple is being tested to make sure it works well with our campus tools.  Soon we will be looking for volunteers to help us test Windows 10, Mac OS 10.11 (El Capitan), and Office 2016 for Macs.  Once these are determined to be safe we will begin offering upgrades and training for those who would like to upgrade.  FYI Office 2016 is now available for iOS devices and it's free!



The material for this entry was written by Jim Baird and John Nunnally. Thank you Jim and John.